Physical Theft

In Brief

A thief takes other people’s property by force or without them knowing. Theft can take place on all the items making up the stock of computer equipment. Such thefts may be committed in the premises of a company or while computer hardware is in transit.

Alongside theft, the loss of computer equipment can have a sizeable impact on the person involved.

What Items Are We Talking About?

Many items can be stolen or lost, and it is almost impossible to draw up an exhaustive list.

The equipment that is stolen most often are:

Laptop Computers

Having a considerable market value, high storage capacity, along with their small size makes laptop computers the targets of choice with regarding physical theft.

Removable Storage Media

This type of theft is less well known and at first glance may appear less dramatic, but it can have harmful consequences on the company concerned.

The theft of magnetic storage media (tapes, hard drives), optical storage media such as CDs (Compact Discs), DVDs (Digital Versatile Discs) or electronics such as USB sticks (Universal Serial Bus), used for security copies, main storage or backups, is very common and enables the theft of large quantities of data.

Mobile Phones

All the synchronisation functionalities between ‘GSM’ and IT solutions indicate that these items should be considered as part of the data processing chain.

What Are the Impacts?

The theft of IT equipment can lead to serious consequences. The damage suffered can be:

The value of the equipment or storage media

In the case of theft of equipment or storage media, the initial damage is certainly the financial loss owing to the cost of replacing the stolen hardware.

With regard to the theft of mobile phones, communications costs generated by the thief before the mobile phone is blocked by the service provider can be added to this.

Loss/theft of data

Depending on the use made of the stolen or found equipment, there could be many impacts with significant damage, such as loss of expertise, industrial espionage, disclosure of private information, loss of reputation for the relevant person, loss of financial data, loss of logical access keys, etc.

The damage for the people concerned is entirely different depending on the use of the hardware (reformatting to enable other usages, illegal use to penetrate a network, sale of data).

Software theft

The theft of laptop computers obviously involves the theft of all the software installed on this equipment. This includes public software and also software developed specially for the needs of the individual/company/administration.

Access to networks

The theft of equipment capable of connecting to a network or other peripherals via wireless network technology or remote access enables illicit connection to the network belonging to the person concerned. This access can be used to steal more information or to inflict other damage.

Loss of productivity

The lack of availability of this equipment often makes it impossible for the victim to get their work done. This loss of productivity relating to the loss of documents and applications can lead to a significant workload simply to restore the data and software to its original state at the time of the theft or loss. This is particularly true if the person concerned does not have any recent backups.

Identity theft

It is highly likely that the person responsible for the theft is able to use software such as email or e-banking type software while impersonating the legal owner. It is clear that in this case, the financial damage can quickly reach considerable sums.

What Are the Vulnerabilities Exploited?

Unfortunately, it is not possible to do away with all vulnerabilities, but we have to try to limit the potential impacts through checks, preventive measures, and detection mechanisms.

Physical Security

Effective access control for offices and computer rooms must be introduced. Remote access management should be rigorously monitored.

Human Errors

It is statistically proven that human error, lack of foresight, negligence or losses and omissions remain the biggest source of the loss of computer equipment.

How Can We Protect Ourselves?

It is worth pointing out the difference between preventive measures, which role is to prevent this type of event from arising, and other measures, the aim of which is to detect and monitor this type of event, or even to limit the impact.

Procedures

The existence of a security policy, its internal publication, respect and monitoring of procedures relating to the use, transportation and storage of digital storage media enable you to substantially reduce the loss or theft of digital media. (SMEs: see Physical and environmental security policy and Systems development and maintenance policy and policy on Operational and communications aspects).

The existence and compliance with the procedures to apply in the event of the theft or loss of data, such as filtering network access based on MAC (Media Access Control) address or other, the withdrawal of remote access, the blocking of VPN (Virtual Private Network) clients or changing all user passwords are crucial measures to limit the impact.

This countermeasure cannot be said to be preventive, even if its presence and communication may discourage thefts internally.

Hardware inventory management

Only a detailed inventory will enable remote access (access management) from stolen equipment to be refused and it could be used as the basis for dialogue with the insurer.

Limits on the use of external storage media

The number of thefts or losses of digital storage media (discs, CD-ROMs, etc.) is proportional to the number of storage devices in circulation. It may therefore be of interest to firstly limit and secondly monitor the usage of such media (SMEs: see Insertion or removal of hardware).

The blockage of certain peripherals such as USB ports (Universal Serial Bus) can avoid the illicit use of certain storage media devices.

This countermeasure can be qualified as preventive.

The use of cable locks

Small mechanisms are available for purchase which enable laptop computers to be attached to furniture. Unfortunately, these often fail to prevent thefts from occurring, they still make each attempt of theft a longer and more visible task.

This countermeasure can be qualified as preventive.

Password protection – encryption

It is strongly advisable to use special software to encrypt data saved on laptop computers. These tools make it almost impossible to use stolen data. (Example: TrueCrypt)

As always, make sure you use ‘strong’ passwords.

Encryption is an effective protection against loss of confidentiality in the event of theft.

This countermeasure can be qualified as preventive.

Equipment marking

Whether using stickers or engraving, the marking of computer equipment remains a significant dissuasive factor against theft.

This countermeasure can be qualified as preventive.